The security of short-range communication systems such as NFC (Near Field Communication) and RFID (Radio Frequency Identification) systems are vulnerable to attacks such as relay attacks. In relay attacks, messages are relayed from the sender to a valid receiver of the message, often via an alternate communication channel. An illustration of a relay attack is shown in FIG. 1. A family 101 is on holiday and has just left their hotel room. The wife 102 has electronically locked hotel door 105 using a short range communication system keycard and put the keycard (not shown) into her pocket. Two attackers are involved in the relay attack: attacker 110 is holding a counterfeit keycard hidden in briefcase 120 and is standing near hotel door 105; attacker 115 has a keycard reader hidden in briefcase 130 and is standing near family 101. The counterfeit keycard in briefcase 120 and the keycard reader in briefcase 130 are connected via a fast, long distance communication channel which functions as a range extender for keycard reader 112 of hotel room door 105. If attacker 115 is close enough to family 101, hotel room door 105 can be opened because a connection can be established between keycard reader 112 of hotel room door 105 and the keycard in the pocket of wife 102.
Such a relay attack can be prevented if keycard reader 112 could get assurance that keycard 103 in the pocket of wife 102 is in the proximity of keycard reader 112. However, an existing stand-alone proximity check implemented in MIFARE PLUS operating in Security Level 3 violates ISO 14443 compliance because it uses a modified (incomplete) frame structure. Proximity checks that are ISO compliant are typically desired. Additionally, MIFARE PLUS uses a timing solution to determine proximity and is a one-way proximity check only. Only the reader checks for the proximity of the RFID card which means the RFID card has no independent way to verify the proximity of the reader. A two-way proximity check is typically more secure than a one-way proximity check.